
安全入口

admin 7 ani în urmă
părinte
comite
19c8c14bb5

+ 2 - 1
app/Http/Controllers/AuthController.php

@@ -66,13 +66,14 @@ class AuthController extends Controller
                 }
             }
 
+            // 验证账号并创建会话
             if (!Auth::attempt(['username' => $username, 'password' => $password], $remember)) {
                 Session::flash('errorMsg', '用户名或密码错误');
 
                 return Redirect::back()->withInput();
             }
 
-            // 校验普通用户
+            // 校验普通用户账号状态
             if (!Auth::user()->is_admin) {
                 if (Auth::user()->status < 0) {
                     Session::flash('errorMsg', '账号已禁用');

+ 6 - 0
app/Http/Controllers/Controller.php

@@ -28,6 +28,12 @@ class Controller extends BaseController
         exit(createGuid());
     }
 
+    // 生成网站安全码
+    public function makeSecurityCode()
+    {
+        exit(strtolower(makeRandStr(8)));
+    }
+
     // 类似Linux中的tail命令
     public function tail($file, $n, $base = 5)
     {
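Review bot: `makeSecurityCode()` produces the value that gates the login page, but its strength rests entirely on `makeRandStr(8)`, which is defined outside this hunk and may not draw from a CSPRNG. The `strtolower()` call also shrinks the alphabet, so the 8 characters carry less entropy than the helper's raw output. Consider `return response(bin2hex(random_bytes(8)));`, which uses the platform CSPRNG and returns through the framework's response pipeline instead of `exit()` (the neighbouring generator uses `exit()` too, so this would be a departure from the file's existing style).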

+ 2 - 1
app/Http/Controllers/PaymentController.php

@@ -39,7 +39,6 @@ class PaymentController extends Controller
     {
         $goods_id = intval($request->get('goods_id'));
         $coupon_sn = $request->get('coupon_sn');
-        $pay_type = $request->get('pay_type');
 
         $goods = Goods::query()->where('is_del', 0)->where('status', 1)->where('id', $goods_id)->first();
         if (!$goods) {
@@ -171,6 +170,8 @@ class PaymentController extends Controller
                 $alipaySubmit = new AlipaySubmit(self::$systemConfig['alipay_sign_type'], self::$systemConfig['alipay_partner'], self::$systemConfig['alipay_key'], self::$systemConfig['alipay_private_key']);
                 $result = $alipaySubmit->buildRequestForm($parameter, "post", "确认");
             } elseif (self::$systemConfig['is_f2fpay']) {
+                // TODO:goods表里增加一个字段用于自定义商品付款时展示的商品名称,
+                // TODO:这里增加一个随机商品列表,根据goods的价格随机取值
                 $result = Charge::run("ali_qr", [
                     'use_sandbox'     => false,
                     "partner"         => self::$systemConfig['f2fpay_app_id'],

+ 1 - 0
app/Http/Kernel.php

@@ -62,6 +62,7 @@ class Kernel extends HttpKernel
         'throttle'      => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'isAdmin'       => \App\Http\Middleware\isAdmin::class,
         'isLogin'       => \App\Http\Middleware\isLogin::class,
+        'isSecurity'    => \App\Http\Middleware\isSecurity::class,
         'isForbidden'   => \App\Http\Middleware\isForbidden::class,
         'affiliate'     => \App\Http\Middleware\Affiliate::class,
 

+ 36 - 0
app/Http/Middleware/isSecurity.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Components\Helpers;
+use Closure;
+use Log;
+use Session;
+
+class isSecurity
+{
+    /**
+     * 是否需要安全码才访问(仅用于登录页)
+     *
+     * @param         $request
+     * @param Closure $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $ip = getClientIP();
+        $code = $request->get('securityCode');
+        $websiteSecurityCode = Helpers::systemConfig()['website_security_code'];
+
+        if ($websiteSecurityCode) {
+            if ($code != $websiteSecurityCode) {
+                Log::info("拒绝非安全入口访问(" . $ip . ")");
+
+                return response()->view('auth.error', ['message' => '请使用安全码从<a href="/login?securityCode=" target="_self">安全入口</a>访问'], 404);
+            }
+        }
+
+        return $next($request);
+    }
+}
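Review bot: The check `$code != $websiteSecurityCode` in `handle()` uses PHP's loose comparison, so two numeric-looking strings (constructed example: `0e1234` and `0e9999`) compare equal, and the comparison is not constant-time. Replace it with `if (!is_string($code) || !hash_equals((string) $websiteSecurityCode, $code)) {`, which also rejects an array-valued `securityCode` parameter. Because the code travels in the query string, it ends up in access logs, browser history and Referer headers, so the docblock should describe it as an obscurity layer in front of authentication rather than a credential. `getClientIP()` is defined outside this file; if it reads forwarded headers, the address written by `Log::info` is client-controlled and should be treated as such when reviewing these log lines.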

+ 3 - 2
queue.sh

@@ -1,9 +1,10 @@
 #!/bin/bash
+cd `dirname $0`
 ps -ef | grep queue:work | grep -v grep
 if [ $? -ne 0 ]
 then
-    echo "start queue process successfully....."
+    echo "Queue start listen....."
     nohup php artisan queue:work database --queue=default --timeout=60 --sleep=5 --tries=3 >> ./queue.log 2>&1 &
 else
-    echo "queue is running....."
+    echo "Queue is listening....."
 fi
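Review bot: The added `cd` line uses an unquoted backtick substitution of `dirname $0` and ignores failure, so a script path containing spaces, or a failed directory change, leaves `php artisan queue:work` running from the caller's directory and appending to a `./queue.log` there. Use `cd "$(dirname "$0")" || exit 1` instead. The `ps -ef | grep queue:work` test on the following line predates this change, but it matches workers of any other project or user on the host, so a comment noting that limitation would help operators.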

+ 40 - 0
resources/views/admin/system.blade.php

@@ -165,6 +165,22 @@
                                                             </div>
                                                         </div>
                                                     </div>
+                                                    <div class="form-group">
+                                                        <div class="col-md-6 col-sm-6 col-xs-12">
+                                                            <label for="website_security_code" class="col-md-3 control-label">网站安全码</label>
+                                                            <div class="col-md-9">
+                                                                <div class="input-group">
+                                                                    <input class="form-control" type="text" name="website_security_code" value="{{$website_security_code}}" id="website_security_code" />
+                                                                    <span class="input-group-btn">
+                                                                        <button class="btn btn-default" type="button" onclick="makeWebsiteSecurityCode()">生成</button>
+                                                                        <button class="btn btn-success" type="button" onclick="setWebsiteSecurityCode()">修改</button>
+                                                                    </span>
+                                                                </div>
+                                                                <span class="help-block"> 非空时必须通过安全码入口访问 </span>
+                                                            </div>
+                                                        </div>
+                                                        <div class="col-md-6 col-sm-6 col-xs-12"></div>
+                                                    </div>
                                                 </div>
                                             </form>
                                         </div>
@@ -2477,6 +2493,30 @@
             });
         }
 
+        // 生成网站安全码
+        function makeWebsiteSecurityCode() {
+            $.get("{{url('makeSecurityCode')}}",  function(ret) {
+                $("#website_security_code").val(ret);
+            });
+        }
+
+        // 设置网站安全码
+        function setWebsiteSecurityCode() {
+            var website_security_code = $("#website_security_code").val();
+
+            $.post("{{url('admin/setConfig')}}", {
+                _token: '{{csrf_token()}}',
+                name: 'website_security_code',
+                value: website_security_code
+            }, function (ret) {
+                layer.msg(ret.message, {time: 1000}, function () {
+                    if (ret.status == 'fail') {
+                        window.location.reload();
+                    }
+                });
+            });
+        }
+
         // 登录加积分的时间间隔
         function setLoginAddScoreRange() {
             var login_add_score_range = parseInt($("#login_add_score_range").val());
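Review bot: `setWebsiteSecurityCode()` posts the raw field value with no trimming or character check, while the new middleware compares it against the `securityCode` query parameter. A code containing whitespace, `&`, `#` or `+` will not round-trip through `/login?securityCode=…` unless it is URL-encoded, which would lock administrators out of the login page. Restrict the input, for example with `pattern="[a-z0-9]{8,}"` on the field and the same rule server-side in the `admin/setConfig` handler (not shown on this page). An empty value switches the gate off, so a `layer.confirm` before saving an empty field would make that explicit.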

+ 4 - 4
resources/views/admin/userList.blade.php

@@ -80,8 +80,8 @@
                                 <thead>
                                 <tr>
                                     <th> # </th>
-                                    <th> 订阅码 </th>
                                     <th> 用户名 </th>
+                                    <th> 订阅码 </th>
                                     <th> 端口 </th>
                                     <th> 连接密码 </th>
                                     <th> 加密方式 </th>
@@ -104,8 +104,8 @@
                                         @foreach ($userList as $user)
                                             <tr class="odd gradeX {{$user->trafficWarning ? 'danger' : ''}}">
                                                 <td> {{$user->id}} </td>
-                                                <td> <a href="javascript:;" class="copySubscribeLink" data-clipboard-text="{{$user->link}}" title="点击复制订阅链接">{{$user->subscribe->code}}</a> </td>
                                                 <td> {{$user->username}} </td>
+                                                <td> <a href="javascript:;" class="copySubscribeLink" data-clipboard-text="{{$user->link}}" title="点击复制订阅链接">{{$user->subscribe->code}}</a> </td>
                                                 <td> <span class="label label-danger"> {{$user->port ? $user->port : '未分配'}} </span> </td>
                                                 <td> <span class="label label-default"> {{$user->passwd}} </span> </td>
                                                 <td> <span class="label label-default"> {{$user->method}} </span> </td>
@@ -206,7 +206,7 @@
 
         // 批量生成账号
         function batchAddUsers() {
-            layer.confirm('将自动生成5个账号,确定继续吗?', {icon: 3, title:'警告'}, function(index) {
+            layer.confirm('将自动生成5个账号,确定继续吗?', {icon: 3, title:'注意'}, function(index) {
                 $.post("{{url('admin/batchAddUsers')}}", {_token:'{{csrf_token()}}'}, function(ret) {
                     layer.msg(ret.message, {time:1000}, function() {
                         if (ret.status == 'success') {
@@ -324,7 +324,7 @@
         // 复制订阅链接
         var clipboard = new Clipboard('.copySubscribeLink');
         clipboard.on('success', function(e) {
-            layer.alert("成功复制该用户的订阅链接");
+            layer.alert("成功复制该用户的订阅链接", {icon: 1});
         });
         clipboard.on('error', function(e) {
             console.log(e);

+ 2 - 2
resources/views/subscribe/subscribeList.blade.php

@@ -46,8 +46,8 @@
                                 <thead>
                                 <tr>
                                     <th> # </th>
-                                    <th> 订阅码 </th>
                                     <th> 用户 </th>
+                                    <th> 订阅码 </th>
                                     <th> 请求次数 </th>
                                     <th> 最后请求时间 </th>
                                     <th> 封禁时间 </th>
@@ -64,7 +64,6 @@
                                         @foreach($subscribeList as $subscribe)
                                             <tr class="odd gradeX">
                                                 <td> {{$subscribe->id}} </td>
-                                                <td> <span class="label label-danger"> {{$subscribe->code}} </span> </td>
                                                 <td>
                                                     @if(empty($subscribe->user))
                                                         【账号已删除】
@@ -72,6 +71,7 @@
                                                         <a href="{{url('admin/userList?id=' . $subscribe->user->id)}}">{{$subscribe->user->username}}</a>
                                                     @endif
                                                 </td>
+                                                <td> <span class="label label-danger"> {{$subscribe->code}} </span> </td>
                                                 <td> <span class="label label-danger"> {{$subscribe->times}} </span> </td>
                                                 <td> {{$subscribe->updated_at}} </td>
                                                 <td> {{$subscribe->ban_time > 0 ? date('Y-m-d H:i:s') : ''}} </td>

+ 2 - 1
routes/web.php

@@ -4,7 +4,7 @@ Route::get('s/{code}', 'SubscribeController@getSubscribeByCode'); // 节点订
 
 Route::group(['middleware' => ['isForbidden', 'affiliate']], function () {
     Route::get('lang/{locale}', 'AuthController@switchLang'); // 语言切换
-    Route::any('login', 'AuthController@login'); // 登录
+    Route::any('login', 'AuthController@login')->middleware('isSecurity'); // 登录
     Route::get('logout', 'AuthController@logout'); // 退出
     Route::any('register', 'AuthController@register'); // 注册
     Route::any('resetPassword', 'AuthController@resetPassword'); // 重设密码
@@ -15,6 +15,7 @@ Route::group(['middleware' => ['isForbidden', 'affiliate']], function () {
     Route::get('free', 'AuthController@free'); // 免费邀请码
     Route::get('makePasswd', 'Controller@makePasswd'); // 生成密码
     Route::get('makeVmessId', 'Controller@makeVmessId'); // 生成VmessId
+    Route::get('makeSecurityCode', 'Controller@makeSecurityCode'); // 生成网站安全码
 });
 
 Route::group(['middleware' => ['isForbidden', 'isLogin', 'isAdmin']], function () {
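Review bot: `Route::get('makeSecurityCode', …)` is added to the group that carries only `isForbidden` and `affiliate`, so the generator is callable without a session. It belongs in the `isLogin`/`isAdmin` group that opens on the last line of this hunk, since only the admin settings page calls it. On the login route, `isSecurity` is attached without rate limiting, so guesses against the code are unbounded; the `throttle` alias already registered in Kernel.php could be added, e.g. `->middleware(['isSecurity', 'throttle:10,1'])` with limits chosen for the site. `register` and `resetPassword` stay ungated, which matches the middleware's docblock (login page only) but deserves a comment here so the gap is a documented decision.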

+ 1 - 0
sql/db.sql

@@ -371,6 +371,7 @@ INSERT INTO `config` VALUES ('84', 'is_f2fpay', 0);
 INSERT INTO `config` VALUES ('85', 'f2fpay_app_id', '');
 INSERT INTO `config` VALUES ('86', 'f2fpay_private_key', '');
 INSERT INTO `config` VALUES ('87', 'f2fpay_public_key', '');
+INSERT INTO `config` VALUES ('88', 'website_security_code', '');
 
 -- ----------------------------
 -- Table structure for `article`

+ 2 - 0
sql/update/20190220.sql

@@ -0,0 +1,2 @@
+-- 网站安全码
+INSERT INTO `config` VALUES ('88', 'website_security_code', '');
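Review bot: The update script inserts with a positional `VALUES` list and a hard-coded key `'88'`, so it fails with a duplicate-key error when re-run or when an installation already holds a row with that id (assuming the first column is the primary key, which this page does not show). Listing the target columns explicitly and leaving the id to the database, or guarding the insert on the absence of a `website_security_code` row, makes the migration repeatable. The empty default leaves the login gate disabled until an administrator sets a code; the comment above the statement should say so.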